
Multipart file upload using spring boot with tomcat version 9.0.31 is failing

Multipart file upload in a Spring Boot application is not working with Tomcat version 9.0.31, but this functionality works fine with the older version 9.0.30. However, there is a vulnerability in this version and we are forced to upgrade the version. See the error given below.

 "timestamp": "2020-03-09T08:01:56.169+0000",
"status": 500,
"error": "Internal Server Error",
"message": "Failed to parse multipart servlet request; nested exception is java.io.IOException: org.apache.tomcat.util.http.fileupload.impl.IOFileUploadException: Processing of multipart/form-data request failed. Stream ended unexpectedly",

Error log is given below

nested exception is org.springframework.web.multipart.MultipartException: Failed to parse multipart servlet request; nested exception is java.io.IOException: org.apache.tomcat.util.http.fileupload.impl.IOFileUploadException: Processing of multipart/form-data request failed. Stream ended unexpectedly] with root cause
org.apache.tomcat.util.http.fileupload.MultipartStream$MalformedStreamException: Stream ended unexpectedly

Please help to resolve this.

Anoop M Nair asked Mar 09 '20 09:03


2 Answers

I think the bug has been fixed with the latest Tomcat version, 9.0.33.

The multipart file upload functionality, which was not working in version 9.0.31, has also been fixed with the upgrade. Also, I have tried checking whether there are any vulnerabilities using the OWASP dependency checker and found that there are no vulnerabilities in this version.

Just upgrade your dependency with the below version:

<!-- https://mvnrepository.com/artifact/org.apache.tomcat.embed/tomcat-embed-core -->
<dependency>
    <groupId>org.apache.tomcat.embed</groupId>
    <artifactId>tomcat-embed-core</artifactId>
    <version>9.0.33</version>
</dependency>
snehab answered Nov 05 '22 20:11


This is a bug in Tomcat 9.0.31. There's already an entry in Apache's Bugzilla: https://bz.apache.org/bugzilla/show_bug.cgi?id=64195.

According to the bug report, to prevent this issue you can either

- use Http11Nio2Protocol instead of Http11NioProtocol
- use Tomcat 9.0.30, where this doesn't happen (but has the critical Ghostcat vulnerability in Tomcat's AJP protocol)

The issue will be fixed in 9.0.32 (which is not released yet).

Note: When using http instead of https the problem also does not appear.

Klendatho answered Nov 05 '22 20:11
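
The connector switch mentioned in the answer above, as an added example that is not part of the original answers: a Spring Boot customizer that selects Http11Nio2Protocol only while the embedded Tomcat reports version 9.0.31, so the workaround switches itself off once the dependency is upgraded rather than tempting a downgrade to 9.0.30. It assumes Spring Boot 2.x with embedded Tomcat; the class, bean and helper names are hypothetical.

```java
import org.apache.catalina.util.ServerInfo;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Hypothetical configuration class; assumes Spring Boot 2.x with embedded Tomcat.
@Configuration
public class Tomcat9031UploadWorkaround {

    // Connector implementation the answer names as the alternative to Http11NioProtocol.
    private static final String NIO2_PROTOCOL =
            "org.apache.coyote.http11.Http11Nio2Protocol";

    @Bean
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> nio2OnAffectedTomcat() {
        return factory -> {
            // ServerInfo reports the version of the Tomcat actually on the classpath,
            // which may differ from what the build file is believed to pin.
            String serverNumber = ServerInfo.getServerNumber();
            if (isAffected(serverNumber)) {
                factory.setProtocol(NIO2_PROTOCOL);
            }
            // On any other version the default connector protocol is left untouched.
        };
    }

    // True only for the 9.0.31 release line (with or without a build suffix).
    static boolean isAffected(String serverNumber) {
        return serverNumber != null
                && (serverNumber.equals("9.0.31") || serverNumber.startsWith("9.0.31."));
    }
}
```

Running `mvn dependency:tree -Dincludes=org.apache.tomcat.embed` shows which tomcat-embed-core version the build actually resolves, which is the version this check sees at runtime.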